Hackers have recently released a second batch of data that they claim was stolen during a cyber incident involving Cisco in October 2024. According to the hacker known as IntelBroker, who is responsible for the breach, the latest leak, made public on Christmas Eve on Breach Forums, includes 4.84 GB of data, which is reportedly part of a larger trove totaling 4.5 TB.
The leaked data contains a wide range of sensitive files: proprietary software artifacts such as Java binaries, source code, and application archives; network data such as Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs such as Weixin Pay. The leak also includes configuration files, internal project archives, and other miscellaneous documents, potentially exposing valuable intellectual property, network configurations, and operational insights.
The data breach incident can be traced back to a misconfigured public-facing DevHub resource that Cisco reportedly left exposed without proper password protection or authentication, allowing the hackers to access and download the entire dataset in October 2024. IntelBroker, who succeeded in extracting 4.5 TB of information from the misconfigured server, initially released a partial data leak consisting of 2.9 GB of files on December 17, 2024.
In response to the incident, Cisco acknowledged the security breach that occurred in October 2024 and claimed that public access to the affected servers had been disabled. The company also asserted that none of its servers were breached and that no sensitive data was compromised. However, IntelBroker and other hackers contest this claim, particularly regarding the extent of the extracted data.
IntelBroker, known for carrying out high-profile data breaches, has a track record of targeting prominent organizations such as Apple, AMD, and Europol. In June 2024, the hacker claimed to have breached Apple Inc. and stolen source code for internal tools. Furthermore, IntelBroker boasted about breaching AMD and obtaining employee and product information. In May 2024, the hacker also compromised Europol, a breach later confirmed by the agency.
The ongoing exploitation of misconfigured systems and exposed data highlights the persistent issue of cybersecurity vulnerabilities. The incident involving Cisco and IntelBroker sheds light on the potential risks posed by such security lapses in crucial systems. Despite efforts to secure sensitive data and prevent unauthorized access, hackers continue to exploit vulnerabilities in various organizations, emphasizing the critical need for robust cybersecurity measures and proactive security practices.
In conclusion, the release of the second batch of stolen data related to the Cisco breach underscores the evolving challenges in cybersecurity and the critical importance of effectively securing sensitive information to prevent unauthorized access and data breaches. The incident serves as a stark reminder of the constant threats posed by cybercriminals and the urgent need for organizations to prioritize cybersecurity measures to safeguard their digital assets and protect against potential security incidents.